WordPress Plugin Vulnerabilities

Potent Donations for WooCommerce < 1.1.10 - Cross-Site Request Forgery

Description

Cross-Site Request Forgery (CSRF) vulnerability in WP Zone Potent Donations for WooCommerce plugin <= 1.1.9 versions.

Affects Plugins

Plugin icon
donations-for-woocommerce
Fixed in 1.1.10

References

CVE
CVE-2023-35912
URL
https://patchstack.com/database/vulnerability/donations-for-woocommerce/wordpress-potent-donations-for-woocommerce-plugin-1-1-9-cross-site-request-forgery-csrf-vulnerability

Classification

Type
CSRF
OWASP top 10
A2: Broken Authentication and Session Management
CWE
CWE-352
CVSS
4.3 (medium)

Miscellaneous

Original Researcher
qilin_99
Verified
No
WPVDB ID
23d68130-24c6-48c1-9a9e-2382b50744ca

Timeline

Publicly Published
2023-06-21 (about 2 years ago)
Added
2023-07-10 (about 2 years ago)
Last Updated
2023-07-10 (about 2 years ago)

Other

Published
Title
Published
2023-11-14
Title
Events Addon for Elementor < 2.1.3 - Cross-Site Request Forgery
Published
2025-04-01
Title
CLP – Custom Login Page by NiteoThemes <= 1.5.5 - Cross-Site Request Forgery
Published
2022-07-22
Title
Stockists Manager for Woocommerce <= 1.0.2.1 - Stored Cross-Site Scripting via CSRF
Published
2015-01-22
Title
Contact Form 3.82 - Unauthorized Language Manipulation
Published
2023-10-12
Title
Taggbox <= 3.3 - Cross-Site Request Forgery